An Unauthenticated Arbitrary File Upload is a critical vulnerability, so you should update this plugin as quickly as possible. PluginVulnerabilities.com has a good write-up on the specifics of the vulnerable code. If you are unable to patch, the issue can be partially mitigated by either preventing image uploading through the plugin (as described in the pluginvulnerabilties write-up) or by blocking php execution in the uploads directory (which you should be doing anyway).